tw-research-proposal-diamond

Warn

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the agent to perform several shell-level operations: globally installing the docx NPM package, writing a Node.js script from a provided template, and running the Python validation script at /mnt/skills/public/docx/scripts/office/validate.py.
  • [PROMPT_INJECTION]: The workflow has an indirect prompt injection surface: untrusted user input gathered during the research generation process is interpolated into the document generation logic. Because the generated script is then executed with node, malicious input that breaks the syntax of the dynamically generated script is run as code rather than treated as text, and it can also alter the structure of the final document.
  • Ingestion points: User dialogue answers for research interests, How Might We (HMW) questions, and Knowledge-Alignment-Point (KAP) checkpoints in references/diamond-phases.md.
  • Boundary markers: The skill does not define delimiters or instructions that mark user input as non-executable text while the scripts are generated.
  • Capability inventory: The skill uses file-writing capabilities and subprocess execution (node, python, npm) as part of the Phase 4 delivery process.
  • Sanitization: No explicit sanitization or validation of the user-supplied research data is performed before it is incorporated into the output generation phase.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 10, 2026, 04:41 AM